How to avoid phishing emails

Explosive growth in online activity has given rise to a burgeoning underworld of cybercrime.

Scammers are using corporate email addresses or posing as representatives from reputable companies to fraudulently extract access to money or information for their own purposes.

One of the most common scams is phishing emails. As the name suggests, these emails are designed to catch you and reel you in.

And there are a rising number of baited hooks floating around out there. According to the Anti-Phishing Working Group, described as a global coalition focused on unifying an international response to cybercrime, 2016 was a record year for phishers.

Its fourth quarter Phishing Activity Trend Report put the total number of phishing attacks in 2016 at 1,220,523, a 65% jump from 2015.

Despite this startling increase, there are some simple ways to protect yourself from falling victim to a scam.

Will Jurie, Pre-Sales Technical Specialist at Microsoft NZ, advised that the golden rule of never opening a suspicious email or attachment holds true.

He said: “Even if an email is from what looks to be a legitimate source like a colleague or friend or financial institution, if something looks or feels ‘off’ you should exercise caution.”

Tell-tale signs include domain names or email addresses that appear to be very close to the correct address, but have been altered by the addition of a second word, for example.

Jurie also said recipients should sense-check whether the communication they have received and the language it contains is what they would expect from that source.

“More advanced attacks can mask the email to seemingly come from a reputable source but either the English or the wording may not align with the way that person or company would usually communicate with you.”

In addition to being alive to the clues and acting with caution, Jurie said you should ensure you have the right sort of technology in place, which in the case of emails specifically, includes Microsoft’s Office 365 Advanced Threat Protection.

Attempts to elicit sensitive information are not limited to emails. A new wave of scammers calling people to ‘warn them’ about fake viruses on their computers have been targeting New Zealand.

The scammers call their victims or use ‘pop-up’ messages on screen claiming to be a representative of Microsoft who has identified a problem with the device.

An offer is made to fix the device via remote access to the computer which gives the phony caller access to passwords and financial information.

In this case, the key message Microsoft wants to make clear once again to New Zealand internet users is that the company will NEVER call them asking for remote access to their computer.

Nor will they call customers at home saying they have detected a problem with their computer, or ask for passwords or other private details in any forum.

It is most often trusted brands and companies that are used as covers for email scams, but it is these companies specifically who will never ask you for secure information like usernames, passwords, PINs, Netcode or credit card information, or ask you to log in to your internet banking account directly via an email.

Despite email and phone scams becoming ever more sophisticated and pervasive, vigilance is still the best defence.